CN111246259A - Broadcast encryption system based on zero knowledge proof - Google Patents
- Publication number: CN111246259A
- Application number: CN202010031554.3A
- Authority: CN (China)
- Prior art keywords: user, broadcast, encryption system, broadcast encryption, local server
- Legal status: Pending
Classifications
- H04N21/25816—Management of client data involving client authentication
- H04N21/25875—Management of end-user data involving end-user authentication
- H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Graphics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention relates to the technical field of broadcast encryption and discloses a broadcast encryption system based on zero-knowledge proof, comprising: a broadcast terminal $B_c$, a user terminal $U_i$ running decoding system software, and a local server S that authenticates the identity of the user on the user terminal $U_i$, with broadcast encryption system software running on the local server S. The local server S and the user terminal $U_i$ are communicatively connected through network communication equipment, the user terminal $U_i$ communicates with the broadcast terminal $B_c$ through the broadcast signal, and the broadcast terminal $B_c$ and the local server S are communicatively connected through network communication equipment. When the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, authenticates the identity of the user on the user terminal $U_i$ using a user authentication method based on zero-knowledge proof. The invention achieves the technical effect of securely adding authorized users and removing expired users without authorized users having to change their private keys.
Description
Technical Field
The invention relates to the technical field of broadcast encryption, in particular to a broadcast encryption system based on zero-knowledge proof.
Background
Broadcast encryption means that, in each session, the broadcaster encrypts the session key and distributes it over an insecure channel to a dynamic group of users, such that only authorized users can decrypt the secret information. With the development of the Internet, broadcast encryption is increasingly used in applications such as pay television and video conferencing, and these applications place new demands on broadcast encryption schemes.
A pay-television or similar system consists of a broadcaster and a set of authorized users. The broadcaster encrypts the signal with the group key and broadcasts it to the whole group of authorized users. The user terminal decrypts the received broadcast signal in its decoder using the embedded decryption key. The broadcaster has to manage changes in group membership, performing operations such as removing and adding users. Because the decoder has limited computing power, applications such as pay television require the decryption step of the broadcast encryption scheme to need as little computation as possible, and require that authorized users can be added and expired users removed securely without authorized users having to change their private keys.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a broadcast encryption system based on zero-knowledge proof, which adopts a user authentication method based on zero-knowledge proof so as to achieve the technical purpose of securely adding authorized users and removing expired users without authorized users having to change their private keys.
(II) Technical scheme
To achieve this purpose, the invention provides the following technical scheme:
A broadcast encryption system based on zero-knowledge proof, comprising: a broadcast terminal $B_c$ that provides the broadcast signal, a user terminal $U_i$ that receives the broadcast signal and runs decoding system software, and a local server S that authenticates the identity of the user on the user terminal $U_i$, with broadcast encryption system software running on the local server S;
the local server S and the user terminal $U_i$ are communicatively connected through network communication equipment, the user terminal $U_i$ communicates with the broadcast terminal $B_c$ through the broadcast signal, and the broadcast terminal $B_c$ and the local server S are communicatively connected through network communication equipment;
when the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, authenticates the identity of the user on the user terminal $U_i$ using a user authentication method based on zero-knowledge proof; the user authentication method of the broadcast encryption system comprises the following steps:
Step one: the user on the user terminal $U_i$ registers on the broadcast encryption system of the local server S, specifically: the user on the user terminal $U_i$ chooses large primes E and F, computes $H = E \times F$, and transmits H to the broadcast encryption system;
Step two: the broadcast encryption system of the local server S begins verifying the identity of the user on the user terminal $U_i$; the verification process is as follows:
(a) the broadcast encryption system pops up, on the authentication page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the broadcast encryption system randomly generates a large integer W, computes $L = W^4 \bmod H$ and $M = W^2 \bmod H$, and displays L in the dialog box;
(d) the broadcast encryption system verifies whether the equation $M = M'$ holds;
if the equation $M = M'$ holds, the user on the user terminal $U_i$ is judged to know the composite private keys E and F, i.e. the user on the user terminal $U_i$ passes identity authentication.
Further, step one, in which the user on the user terminal $U_i$ registers on the broadcast encryption system of the local server S, specifically comprises:
(a) the broadcast encryption system pops up, on the registration page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the user on the user terminal $U_i$ chooses large primes E and F, computes $H = E \times F$, and enters H into the dialog box.
Furthermore, the interactive communication dialog box has a traceless communication function, that is, no backup record is kept of any interactive communication content in the dialog box.
Further, step (b), step (c) and step (d) of step two constitute one round of verification, which is repeated $t_i$ times; if the user on the user terminal $U_i$ computes $M'$ correctly every time, the user on the user terminal $U_i$ passes the identity authentication of the broadcast encryption system.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
In the invention, when the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, authenticates the identity of the user on the user terminal $U_i$ using a user authentication method based on zero-knowledge proof; only when the identity of the user on the user terminal $U_i$ passes the authentication of the broadcast encryption system and is thereby proved to be that of a legitimate user does the broadcast terminal $B_c$ allow the decoding system of the user terminal $U_i$ to decode the received broadcast signal;
and after the authentication of the user on the user terminal $U_i$ is completed, the broadcast encryption system knows only whether the identity of that user is legitimate; it does not know the private keys of the user on the user terminal $U_i$, that is, the user on the user terminal $U_i$ completes identity verification without revealing the composite private keys E and F;
the technical effect of securely adding authorized users and removing expired users without authorized users having to change their private keys is thereby achieved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A broadcast encryption system based on zero-knowledge proof, comprising: a broadcast terminal $B_c$ that provides the broadcast signal, a user terminal $U_i$ that receives the broadcast signal and runs decoding system software, and a local server S that authenticates the identity of the user on the user terminal $U_i$, with broadcast encryption system software running on the local server S;
the local server S and the user terminal $U_i$ are communicatively connected through network communication equipment, the user terminal $U_i$ communicates with the broadcast terminal $B_c$ through the broadcast signal, and the broadcast terminal $B_c$ and the local server S are communicatively connected through network communication equipment;
when the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, authenticates the identity of the user on the user terminal $U_i$ using a user authentication method based on zero-knowledge proof; the user authentication method of the broadcast encryption system comprises the following steps:
Step one: the user on the user terminal $U_i$ registers on the broadcast encryption system of the local server S, specifically:
(a) the broadcast encryption system pops up, on the registration page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the user on the user terminal $U_i$ chooses large primes E and F, computes $H = E \times F$, and enters H into the dialog box;
the large primes E and F are the composite private keys, which are the only valid proof keys and are held solely by the user on the user terminal $U_i$; that is, the broadcast encryption system does not know the private keys;
Step two: when the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, begins verifying the identity of the user on the user terminal $U_i$; the verification process is as follows:
(a) the broadcast encryption system pops up, on the authentication page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the broadcast encryption system randomly generates a large integer W, computes $L = W^4 \bmod H$ and $M = W^2 \bmod H$, and displays L in the dialog box;
(d) the broadcast encryption system verifies whether the equation $M = M'$ holds;
if the equation $M = M'$ holds, the user on the user terminal $U_i$ is judged to know the composite private keys E and F, i.e. the user on the user terminal $U_i$ passes identity authentication;
preferably, steps (b), (c) and (d) constitute one round of verification, which is repeated $t_i$ times; if the user on the user terminal $U_i$ computes $M'$ correctly every time, the user on the user terminal $U_i$ passes the identity authentication of the broadcast encryption system;
if the user on the user terminal $U_i$ fails in any round of verification, the whole authentication process is terminated and the user on the user terminal $U_i$ does not pass the identity authentication of the broadcast encryption system;
after authentication is completed, the broadcast encryption system knows only whether the identity of the user on the user terminal $U_i$ is legitimate; it does not know the private keys of that user, that is, the user on the user terminal $U_i$ completes identity verification without revealing the composite private keys E and F;
if the identity of the user on the user terminal $U_i$ passes the authentication of the broadcast encryption system, the identity of that user is proved legitimate, and the broadcast terminal $B_c$ allows the decoding system of the user terminal $U_i$ to decode the received broadcast signal;
if the identity of the user on the user terminal $U_i$ does not pass the authentication of the broadcast encryption system, the identity of that user is proved illegitimate, and the broadcast terminal $B_c$ refuses to let the decoding system of the user terminal $U_i$ decode the received broadcast signal;
the interactive communication dialog box has a traceless communication function, that is, no backup record is kept of any interactive communication content in the dialog box.
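The registration and verification rounds described above, simulated with both sides' messages, as an added example that is not part of the patent text. Step (c) does not appear on this page, so the example assumes the user replies with M', the square root of L modulo H that is itself a square, and assumes E ≡ F ≡ 3 (mod 4) so that this root is unique; the demo primes and all class and function names are constructed for illustration.

```python
import secrets

# Constructed demo primes (Mersenne primes, both congruent to 3 mod 4).
# Illustration only: real keys would be random primes of cryptographic size.
E = 2**127 - 1
F = 2**107 - 1
H = E * F  # step one: only H is registered with the broadcast encryption system


def principal_sqrt(L, p, q):
    """Square root of L mod p*q that is itself a square (assumes p, q = 3 mod 4)."""
    rp = pow(L, (p + 1) // 4, p)  # the root mod p that is a quadratic residue
    rq = pow(L, (q + 1) // 4, q)  # the root mod q that is a quadratic residue
    # Chinese Remainder Theorem: combine both residues into one value mod p*q.
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)


class Verifier:
    """Server side (broadcast encryption system): knows H, never E or F."""

    def __init__(self, modulus):
        self.H = modulus
        self._M = None

    def challenge(self):
        W = secrets.randbelow(self.H - 2) + 2  # step (b): random large integer W
        self._M = pow(W, 2, self.H)            # M stays on the server
        return pow(W, 4, self.H)               # L is shown to the user

    def check(self, M_prime):
        ok = self._M is not None and M_prime == self._M  # step (d): M = M'
        self._M = None                                   # each challenge is single-use
        return ok


def genuine_user(L):
    """Assumed step (c): a user holding E and F derives M' from L."""
    return principal_sqrt(L, E, F)


def guessing_user(L):
    """A responder that knows only H and answers with a random value."""
    return secrets.randbelow(H)


def authenticate(modulus, respond, rounds):
    """Run `rounds` rounds; stop at the first failure, as the description requires.

    Returns (passed, rounds_executed).
    """
    verifier = Verifier(modulus)
    for executed in range(1, rounds + 1):
        L = verifier.challenge()
        if not verifier.check(respond(L)):
            return False, executed
    return True, rounds


if __name__ == "__main__":
    print("genuine user :", authenticate(H, genuine_user, 20))
    print("guessing user:", authenticate(H, guessing_user, 20))
```

The guessing responder is rejected in the first round, which ends the run as the description specifies for a failed round.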
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A broadcast encryption system based on zero-knowledge proof, comprising: a broadcast terminal $B_c$ that provides the broadcast signal, a user terminal $U_i$ that receives the broadcast signal and runs decoding system software, and a local server S that authenticates the identity of the user on the user terminal $U_i$, with broadcast encryption system software running on the local server S;
the local server S and the user terminal $U_i$ are communicatively connected through network communication equipment, the user terminal $U_i$ communicates with the broadcast terminal $B_c$ through the broadcast signal, and the broadcast terminal $B_c$ and the local server S are communicatively connected through network communication equipment;
when the user terminal $U_i$ sends the broadcast terminal $B_c$ a request to decode a broadcast signal, the broadcast terminal $B_c$, through the broadcast encryption system of the local server S, authenticates the identity of the user on the user terminal $U_i$ using a user authentication method based on zero-knowledge proof; the user authentication method of the broadcast encryption system comprises the following steps:
Step one: the user on the user terminal $U_i$ registers on the broadcast encryption system of the local server S, specifically: the user on the user terminal $U_i$ chooses large primes E and F, computes $H = E \times F$, and transmits H to the broadcast encryption system;
Step two: the broadcast encryption system of the local server S begins verifying the identity of the user on the user terminal $U_i$; the verification process is as follows:
(a) the broadcast encryption system pops up, on the authentication page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the broadcast encryption system randomly generates a large integer W, computes $L = W^4 \bmod H$ and $M = W^2 \bmod H$, and displays L in the dialog box;
(d) the broadcast encryption system verifies whether the equation $M = M'$ holds;
if the equation $M = M'$ holds, the user on the user terminal $U_i$ is judged to know the composite private keys E and F, i.e. the user on the user terminal $U_i$ passes identity authentication.
2. The broadcast encryption system of claim 1, wherein step one, in which the user on the user terminal $U_i$ registers on the broadcast encryption system of the local server S, specifically comprises:
(a) the broadcast encryption system pops up, on the registration page, a dialog box for interactive communication with the user on the user terminal $U_i$;
(b) the user on the user terminal $U_i$ chooses large primes E and F, computes $H = E \times F$, and enters H into the dialog box.
3. The broadcast encryption system of claim 2, wherein the interactive communication dialog box has a traceless communication function, i.e. no backup record is kept of any interactive communication content in the dialog box.
4. The broadcast encryption system of claim 3, wherein step (b), step (c) and step (d) of step two constitute one round of verification, which is repeated $t_i$ times; if the user on the user terminal $U_i$ computes $M'$ correctly every time, the user on the user terminal $U_i$ passes the identity authentication of the broadcast encryption system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010031554.3A CN111246259A (en) | 2020-01-13 | 2020-01-13 | Broadcast encryption system based on zero knowledge proof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111246259A (en) | 2020-06-05 |
Family ID=70872634
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN202010031554.3A CN111246259A (en) | Pending | 2020-01-13 | 2020-01-13 | Broadcast encryption system based on zero knowledge proof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111246259A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006007796A1 (en) * | 2004-07-21 | 2006-01-26 | Huawei Technologies Co., Ltd | A method for obtaining user's on-line information |
CN101938468A (en) * | 2010-08-06 | 2011-01-05 | 四川长虹电器股份有限公司 | Digital content protecting system |
CN102231666A (en) * | 2011-06-29 | 2011-11-02 | 电子科技大学 | Zero knowledge identity authentication method based on strong primes |
US20130227594A1 (en) * | 2010-02-11 | 2013-08-29 | Christopher Boone | Systems and methods for an enhanced, steganographic, embedded secure transaction system |
CN105024823A (en) * | 2015-07-27 | 2015-11-04 | 中国船舶重工集团公司第七0九研究所 | Zero-knowledge proof-based method and system for protecting user identity privacy |
Non-Patent Citations (1)
Title |
---|
张仕斌等: "《应用密码学》", 31 January 2017, 西安电子科技大学出版社 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111818015A (en) * | 2020-06-10 | 2020-10-23 | 胡全生 | Security protection system suitable for remote node access |
CN111832006A (en) * | 2020-07-16 | 2020-10-27 | 浙江甬恒科技有限公司 | Patent retrieval platform based on intelligent operation and maintenance management |
CN111832006B (en) * | 2020-07-16 | 2021-07-20 | 浙江甬恒科技有限公司 | Patent retrieval platform based on intelligent operation and maintenance management |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101431415B (en) | Bidirectional authentication method | |
JP5346025B2 (en) | Security signature method, security authentication method, and IPTV system | |
US7933414B2 (en) | Secure data distribution | |
US20050204038A1 (en) | Method and system for distributing data within a network | |
US20090150672A1 (en) | Method and apparatus for mutual authentication in downloadable conditional access system | |
US20030005301A1 (en) | Apparatus and method for enabling secure content decryption within a set-top box | |
EP1965538B1 (en) | Method and apparatus for distribution and synchronization of cryptographic context information | |
US20030018917A1 (en) | Method and apparatus for delivering digital media using packetized encryption data | |
CN109218825A (en) | A kind of video encryption system | |
JP2012044716A (en) | Method and apparatus for secure transmission of data | |
WO2006024233A1 (en) | Method for protecting broadband video and audio broadcast content | |
US8117447B2 (en) | Authentication method employing elliptic curve cryptography | |
CN101951318A (en) | Bidirectional mobile streaming media digital copyright protection method and system | |
CN109151508A (en) | A kind of video encryption method | |
CN102523495A (en) | IPTV system and method for realizing playing hotlinking prevention | |
GB2417652A (en) | Generating a content decryption key using a nonce and channel key data in an endpoint device | |
US20170169194A1 (en) | Method and system for providing secure codecs | |
US20230132485A1 (en) | System for Thin Client Devices in Hybrid Edge Cloud Systems | |
CN111246259A (en) | Broadcast encryption system based on zero knowledge proof | |
CN113347215A (en) | Encryption method for mobile video conference | |
CN107426521A (en) | A kind of video call method and terminal | |
CN108768920A (en) | A kind of recorded broadcast data processing method and device | |
CN113676478B (en) | Data processing method and related equipment | |
CN116471128A (en) | Secure audio communication method and system for vehicle and external equipment | |
CN113839786A (en) | SM9 key algorithm-based key distribution method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200605 |